Security-as-a-Service for Small and Medium Sized Businesses
How can IT security professionals take advantage of Security-as-a-Service to supplement their existing security programs?
While cyber-attacks are increasing, your IT budgets and available security staff probably isn’t. You have too little time, too many alerts, and security tools are becoming more expensive and time consuming.
In this presentation, Ryan Kelly, Solutions Engineer, AT&T Cybersecurity and Kevin Landt, VP of Product Management, Cygilant, will explore ways that IT security professionals can leverage Security-as-a-Service options, including:
Florian Schaub, CIPP/US, CIPT Assistant Professor, University of Michigan School of Information.
Privacy engineering aims to respect and protect user privacy. User studies provide insights on users' privacy needs, concerns and expectations, and are essential to understanding a system's actual privacy issues from a user perspective. This session will draw on the speaker's research regarding privacy notices and controls online, on smartphones and with smart speakers to discuss how and why privacy controls are often misaligned with user needs. It will also examine how user studies can inform the design of user-centric privacy protections to more effectively meet user needs, as well as benefit companies.
Chad Anderson, Senior Security Researcher, DomainTools
Given the current economic climate and scrutinized security budgets as a result of COVID-19, security teams are finding it more difficult to fill gaps in their threat intelligence collection requirements, therefore limiting their potential effectiveness and efficiency.
This leaves analysts asking themselves questions like: if I’m starting an investigation from a single or list of indicators, how can I move faster and act as a force multiplier on my team? The resounding answer from seasoned security professionals is automation. In this webinar, join subject matter experts to learn how to harness the power of automation, use open source tools and data sources to build Jupyter Notebook playbooks, and effectively collaborate with team members.
In this webinar you will learn:
•The value of using automation in your investigations
•Practical strategies for collecting information on indicators
•How to take advantage of pre-existing Jupyter Notebooks playbooks
Insider Threats are one of the top risks on many organizations list of top threats. They can be divided in three categories which require different view points for mitigating: malicious insiders, negligent insiders, and infiltrators. In this webinar, we look at all three and how organizations can assess and mitigate the risks of insider threats.
Address the Hidden Risk in Cloud Infrastructure: Misconfigured Identities, Access & Privileges
In the public cloud, thousands of human and machine identities, roles, policies, entitlements and configurations determine what hackers can do if they gain a foothold in your environment. One excess permission or open port can make the difference between a failed breach attempt and devastating data loss. By 2023, Gartner predicts that 75% of cloud security failures will result from inadequate management of identities, access and privileges. First-generation cloud security solutions do not give you visibility into access entitlements and risks. And the complexity of cloud infrastructure and development velocity make it virtually impossible to analyze and remediate at scale.
In this session we’ll discuss:
•The hidden threats to AWS, Azure and Google Cloud Platform
•The difference between managing human and machine identities
•How identity and network configuration affect data security
•Automating public cloud security throughout the software lifecycle
Remote work has become mainstream in a very short amount of time. Companies across multiple industries had to adjust very quickly with varying amounts of difficulty to this new normal where most of the employees are working remotely. This new normal also exacerbates existing administrative issues and presents new ones.
Join us in this webinar as we discuss;
•Steps companies took to achieve business continuity in a short time
•Challenges faced by technologies chosen to facilitate remote work
•Long term approaches available to better secure your remote workforce
Turning the table on cybercrime : The journey to Adaptive Security Strategy and impact on your cybersecurity Career
The fast-paced technological innovations are changing how end users consumer services and how organizations do business. However those innovations are also expending the attack surface with a hyperconnected world introducing new opportunities & means for cybercriminals to reach the sensitive data of organizations.
How can we turn the table on cybercriminals when they are well organized, developing cyberattacks that are stealth by design and even leveraging their own innovation techniques in order to compromise organizations.
Join us to hear about the latest threat vectors , how COVID pandemic is being leveraged by cybercriminals, how organizations can thwart those threats with an AI-powered Adaptive Cybersecurity Framework and how to future-proof your cybersecurity career in those ever-changing technological and threat landscapes
Business adoption of cloud technologies, such as SaaS and IaaS, provides huge productivity wins but also brings major impact to security programs. Learn from leading Silicon Valley CISOs on how their companies are rethinking their approaches and building security strategies to protect their most important assets, data, in cloud applications and systems.
What we’ll cover:
- How cloud architectures impact threat models
- Why traditional controls are irrelevant and must be enhanced/replaced
- Autonomous & scalable security at the speed of business
- Tips you can use today
The need to enable mass work from home has left many organizations looking for new approaches to IAM. Now is the time to assess how identity-centric Zero Trust models offer an effective strategic framework for transforming security schemes, and facilitating our users’ need for anywhere, anytime access to cloud applications and services.
During this session we’ll discuss:
• Limitations of existing perimeter security models
• The Zero Trust alternative:
• Benefits of Zero Trust
• How zero trust concepts can address the fast moving needs related to COVID, and the new ‘work from home’ normal
• The advantages of identity-centric zero trust for modernizing IAM schemes
This session is a high-level overview of the tools, tactics, thinking and analytical skills that are needed to discover, isolate and eliminate Advanced Persistent Threats (APT) in enterprise network environments. A focus of this session will be how to discover brand new APT malware when the existence of such malware is not known or suspected and when the malware is not detected by anti-virus software, Intrusion Detection Systems (IDS) and other traditional defenses.
This session will discuss the evolution of a career in information security. We will highlight the future of this space and how it will develop in the next 30 years given our speaker’s experience with the first 15 years. We will discuss passwords to firewalls to hackers and steps on how women can pivot at each point in our careers.
In this webinar, participants will be introduced to FAIR (Factors
Analysis of Information Risk). FAIR is a quantitative risk analysis
methodology originally conceived of for analyzing information security
risk. Participants will learn the basic concepts behind FAIR and be
introduced to distinctions relevant to doing quantitative analysis of
privacy risk versus security risks.
With October's Cybersecurity Awareness Month approaching fast, it’s important to get security awareness and training top-of-mind with your users. Given that 80% of organizations only allocate two hours or less per year for security awareness, how can you maximize your time with users to ensure behavior change?
In this webinar, we’ll go over proven ways to plan and execute a successful program such as:
· Focusing your program on the riskiest users
· Keeping users engaged and on-your-side
· Benchmarking against top-performing organizations
· Reporting up to key stakeholders
As a part of your attendance, we’ll give you our free eBook, Driving Real Behavior Change: The Complete Guide to Building a Security Awareness Program that Works in addition to other free security awareness materials you can utilize in your program.
ISSA International - Armis- with Curtis Simpson and Christopher Dobrec
By 2021, up to 90% of devices in businesses will be unmanaged - unprotected and un-agentable. Businesses of every segment face this tsunami of new, connected devices. Beyond the traditional laptops and desktops we may use at work, these new smart devices run our operations, manage building automation systems, drive our manufacturing lines, or track and deliver healthcare to patients. Even during the current pandemic, companies are applying these devices in new ways. From contact tracing in hospitals, to cleaning robots in warehouses. These devices are essentially the new endpoint with operating systems, an application, and connect to enterprise networks - even the Internet. But what they are missing is security. This requires a whole new playbook to mitigate security risk and protect the business. How do your security controls stack up in this world of unmanaged devices?
Join Armis’ CISO Curtis Simpson and VP of Product Marketing Christopher Dobrec as they discuss the reality facing businesses with the proliferation of these unmanaged and IoT devices and how to apply agentless device security controls to meet this security challenge.
Can data breach risk be predicted by an organization’s privacy practices? How do privacy and security risk change across different types of organizations? After conducting in-depth research, Osano has discovered that companies with poor practices are more likely to suffer a data breach, and the severity of the breach they experience is many multiples worse.
In this data-driven discussion, Arlo Gilbert, Osano’s Co-Founder and CEO, will present the company’s findings from analyzing more than 11,000 companies and uncovering the important relationship between organizations’ privacy practices are their likelihood of experiencing a data breach. The presentation will break insights down by segments, such as the type of breach and industry.
The lines between privacy and cybersecurity risk are becoming increasingly blurred. Osano’s analysis provides an illustration of how privacy and security are converging, what key risks you should be concerned about, and steps you can take to move forward most effectively.
-The probability and severity of data breaches can be predicted by a
company’s privacy practices
-The privacy practices of breached companies differ across
industries, breach types, and record counts
-How the relationship between data breaches and privacy practices
can be expected to evolve in the future
-Specific steps you can take to improve your privacy and reduce your
likelihood of experiencing a data breach
We’ve been making some progress to move beyond the mere potentiality of women and diversity in cybersecurity. Yet, most industry experts agree that there is still a great deal of work to be done. To reach a more solid and evolved state that sees a true embrace of diversity and inclusion in the cybersecurity space and, more specifically, in organizations and on teams, we must experience sustained systemic support. Industry and executive leaders must lead the charge in undertaking practical everyday actions and implementing longer-term strategies. Indeed, as one C-level leader explains it, when choices are made to limit a labor pool — intentionally or unintentionally, a lower quality cybersecurity workforce remains which hampers an industry already challenged on still other fronts. So what are some pragmatic actions we all can take and what programs, policies or strategies can organizational leaders spearhead to ensure that they are including and gaining advantages from a diverse array of professionals with different backgrounds, experiences, skills and opinions? This presentation will share just some ideas and suggestions from a few industry pros.
ISSA International - Exabeam-Sam Humphries, Joshua Marpet, and Myriah Jaworski
Insider threats from compromised credentials, leading to lateral movement across the network continues unabated. They are notoriously difficult to spot and require lengthy investigations.
Many security operations metrics are time-driven: time-to-detect, time-to-respond, time-to-answer… Security analysts are up against the clock to review, investigate, and act. Manual processes, manual analysis, manual decision making is borne from the idea that machines cannot always be trusted to understand risk as a human would. But the data haystacks continue to grow exponentially, and the needles ever harder to find.
Humans are struggling.
Understanding where and how to focus your analyst’s efforts will help you better protect your organization from risk.
Attend this session to learn about:
-Insider threat and the risks that organizations face
-The “new breed” of insiders and the dangers they pose
-Best practices for developing an insider risk management program
-Leveraging machine learning and automation in the SOC to combat
Adversary Emulation is a type of ethical hacking engagement where the Red Team emulates how an adversary operates, leveraging the same tactics, techniques, and procedures (TTPs), against a target organization. The goal of these engagements is to train and improve people, process, and technology. This is in contrast to a penetration test that focuses on testing technology and preventive controls. Adversary emulations are performed using a structured approach following industry methodologies and frameworks (such as MITRE ATT&CK) and leverage Cyber Threat Intelligence to emulate a malicious actor that has the opportunity, intent, and capability to attack the target organization. Adversary Emulations may be performed in a blind manner (Red Team Engagement) or non-blind (Purple Team) with the Blue Team having full knowledge of the engagement.
This webcast will teach you to plan and execute a high value adversary emulation in a blind red team engagement or as a purple team (in collaboration with the defenders/blue team).
Modern cyberattacks are not limited to network intrusions from outside by hackers. “Internal threat actors” can often be found at the center of a complex mix of simple social engineering attacks and sophisticated, multi-staged infections and data breaches.
The Zero Trust model, based on the simple principle of “trust nobody”, defines rules which enhance the security of networks against modern cyberattacks, whether they are initiated from the outside or within. However, with most of the internet traffic being encrypted, it is becoming increasingly difficult to implement the Zero Trust model in an effective way.
In this webinar, we will look at:
*The role of “internal threat actors” and TLS encryption in modern cyberattacks
* How the Zero Trust model defines the future of cybersecurity
* Why effective decryption is essential for a fool proof Zero Trust strategy.
Troy Vennon, Director of Cybersecurity and Trustworthiness, Covail
More mid-to-smaller companies are being targeted by cyber attackers with ransomware. According to a recent report, the average-sized company impacted has decreased from 2018 to about 650 employees in 2019. This trend will likely continue.
Join Troy Vennon, who leads the Ohio security community of CISOs and security managers (ISAO), for a discussion about protecting your company with practical steps and tight budgets. Troy will discuss how knowing how vulnerable your company is to ransomware helps you better protect from it.
You will learn from this discussion:
+ Top 3 steps your security team can take to protect your network on a budget
+ How to find, prioritize and close vulnerabilities that expose you to ransomware
+ What best practices other companies are deploying to defend their enterprise from attack